DocumentCode :
3296012
Title :
A simple framework for distributed forensics
Author :
Tang, Yongping ; Daniels, Thomas E.
Author_Institution :
Dept. of Electr. Eng. & Comput. Eng., Iowa State Univ., Ames, IA, USA
fYear :
2005
fDate :
6-10 June 2005
Firstpage :
163
Lastpage :
169
Abstract :
Networks have become omnipresent in today's world and part of the basic infrastructure. The safety problem is important and urgent for all the network users. But the current situation in this field is very severe - not only is it difficult to block network criminals but also in many cases unable to find them out. There is a growing need for systems that allow not only the detection of complex attacks, but after the fact understanding of what happened. This could be used in a forensic sense or simply as a managerial tool to recover and repair damaged systems. There are few network systems that support forensic evidence collection and the current systems also lack effective attack attribution. In this paper, we will provide a network forensics framework based on the distributed techniques thereby providing an integrated platform for automatic forensic evidence collection and efficient data storage, supporting easy integration of known attribution methods, effective cooperation and an attack attribution graph generation mechanism to illustrate hacking procedures.
Keywords :
computer crime; computer networks; multi-agent systems; telecommunication security; automatic forensic evidence collection; data storage; distributed forensics system; graph generation mechanism; network criminals; repair damaged system; Complex networks; Computer crime; Costs; Digital signatures; Finance; Forensics; Internet; Memory; Protection; Safety; Agent; Attack Attribution Graph; Distributed Forensics System; Proxy;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
Print_ISBN :
0-7695-2328-5
Type :
conf
DOI :
10.1109/ICDCSW.2005.24
Filename :
1437171